Attackers are using spearphishing emails containing malicious links to deliver malware that uses Rundll32 and Mshta for defense evasion.
Suspected TTPs:
- Initial Access: Spearphishing Link
- Execution: Rundll32
- Defense Evasion: Mshta
Tag: Rundll32
Hunt 4 DLL sideload by China
The threat actor may attempt to execute malicious code by side-loading a malicious DLL using a legitimate application.